Study Guide for Linux System Administration II Lab work for LPI 102 released under the GFDL by LinuxIT Copyright (c) 2005 LinuxIT. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with the Invariant Sections being History, Acknowledgements, with the Front-Cover Texts being “released under the GFDL by LinuxIT”. see full GFDL license agreement on p.137 LinuxIT Technical Education Centre Introduction __________________________________________________________ Introduction: Acknowledgements The original material was made available by LinuxIT's technical training centre www.linuxit.com. Many thanks to Andrew Meredith for suggesting the idea in the first place. A special thanks to all the students who have helped dilute the technical aspects of Linux administration through their many questions, this has led to the inclusion of more illustrations attempting to introduce concepts in a userfriendly way. Finally, many thanks to Paul McEnery for the technical advice and for starting off some of the most difficult chapters such as the ones covering the X server (101), modems (102), security (102) and the Linux kernel (102). The manual is available online at http://savannah.nongnu.org/projects/lpi-manuals/. Thank you to the Savannah Volunteers for assessing the project and providing us with the Web space. History First release (version 0.0) October 2003. Reviewed by Adrian Thomasset. Second release (revision1) January 2003. Reviewed by Andrew Meredith Release (version 1.1-test) March 2004. Reviewed by Adrian Thomasset. Reviewed in January-June 2005 by Adrian Thomasset Audience This course is designed as a 3 to 4 days practical course preparing for the LPI 102 exam. It is recommended that candidates have at least one year experience doing Linux administration professionally. However for those who are ready for a challenge the training is designed to provide as much insight and examples as possible to help non specialists understand the basic concepts and command sets which form the core of Linux computing. The LPI Certification Program There are currently two LPI certification levels. The first level LPIC-1 is granted after passing both exams LPI 101 and LPI 102. Similarly passing the LPI 201 and LPI 202 exams will grant the second level certification LPIC-2. There are no pre-requisites for LPI 101 and 102. However the exams for LPIC-2 can only be attempted once LPIC-1 has been obtained. Exam Registration _____________________________________________________________________ iii LinuxIT Technical Education Centre Introduction __________________________________________________________ In order to register for an LPI exam you first need to get a unique LPI at www.lpi.org. You will also need to register with one of the testing organisations such as www.vue.com or www.prometric.com No Guarantee The manual comes with no guarantee at all. Resources www.lpi.org www.linux-praxis.de www.lpiforums.com www.tldp.org www.fsf.org www.linuxit.com Notations Commands and filenames will appear in the text in bold. The <> symbols are used to indicate a non optional argument. The [] symbols are used to indicate an optional argument Commands that can be typed directly in the shell are highlighted as below command or command _____________________________________________________________________ iv LinuxIT Technical Education Centre Contents _____________________________________________________________________ The Linux Kernel 1 1. Kernel Concepts 2 2. The Modular Kernel 3 3. Routine Kernel Recompilation 5 4. Exercises and Summary 11 Booting Linux 14 1. Understanding Runlevels 15 2. Services and Runtime Control Scripts 16 3. The joys of inittab 18 4 LILO and GRUB 19 5. From boot to bash 22 6. Exercises and Summary 24 Managing Groups and Users 26 1. Creating new users 27 2. Working with groups 28 3. Configuration files 30 4. Command options 32 5. Modifying accounts and default settings 32 6. Exercises and Summary 34 Network Configuration 36 1. The Network Interface 37 2. Host Information 38 3. Stop and Start Networking 39 4. Routing 40 5. Common Network Tools 42 6. Exercises and Summary 45 TCP/IP Networks 48 1. Binary Numbers and the Dotted Quad 49 2. Broadcast Address, Network Address and Netmask 49 3. Network Classes 51 4. Classless Subnets 52 5. The TCP/IP Suite 53 6. TCP/IP Services and Ports 54 7. Exercices and Summary 56 Network Services 57 1. The inetd daemon (old) 58 2. The xinetd Daemon 59 3. Telnet and FTP 60 3. TCP wrappers 61 4. Setting up NFS 62 5. SMB and NMB 64 6. DNS services 66 7. Sendmail main Configuration 71 8. The Apache server 73 9. Exercises and Summary 74 _____________________________________________________________________ v LinuxIT Technical Education Centre Contents _____________________________________________________________________ Bash Scripting 78 1. The bash environment 79 2. Scripting Essentials 81 3. Logical evaluations 82 4. Flow Control and Loops 83 5. Expecting user input 85 6. Working with Numbers 85 7. Exercises and Summary 86 Basic Security 88 1. Local Security 89 2. Network Security 91 3. The Secure Shell 95 4. Time Configuration 97 5. Exercises and Summary 100 Linux System Administration 102 1. Logfiles and configuration files 103 2. Log Utilities 105 3. Automatic Tasks 106 4. Backups and Compressions 108 5. Documentation 110 6. Exercises and Summary 114 _____________________________________________________________________ vi LinuxIT Technical Education Centre The Linux Kernel ___________________________________________________________ The Linux Kernel Prerequisites  Understand shell tools and commands (see LPI 101)  Experience compiling and installing software from source (see LPI 101) Goals  Manage Linux kernel modules  Configure the kernel source  Compile and install a kernel Contents The Linux Kernel 1 1. Kernel Concepts 2 2. The Modular Kernel 3 3. Routine Kernel Recompilation 5 3.1 Source extraction 5 3.2 Kernel Configuration 6 3.3 Kernel Compilation 7 3.4 Installing a New Kernel 8 3.5 The full kernel version 9 3.5 Initial Ramdisks 9 3.6 Optional 10 3.7 Re-installing LILO 10 4. Exercises and Summary 11 _____________________________________________________________________ 1 LinuxIT Technical Education Centre The Linux Kernel ___________________________________________________________ 1. Kernel Concepts The two different types of Linux kernel are: A: Monolithic A monolithic kernel is one which has support for all hardware, network, and filesystem compiled into a single image file. B: Modular A modular kernel is one which has some drivers compiled as object files, which the kernel can load and remove on demand. Loadable modules are kept in /lib/modules. The advantage of a modular kernel is that it doesn’t always need to be recompiled when hardware is added or replaced on the system. Monolithic kernels boot slightly faster than modular kernels, but do not outperform the modular kernel _____________________________________________________________________ 2 LinuxIT Technical Education Centre The Linux Kernel ___________________________________________________________ 2. The Modular Kernel Many components of the Linux kernel may be compiled as modules which the kernel can dynamically load and remove as required. The modules for a particular kernel are stored in /lib/modules/<kernel-version>. The best components to modularise are ones not required at boot time, for example peripheral devices and supplementary file systems. Kernel modules are controlled by utilities supplied by the modutils package: – lsmod list currently loaded modules – rmmod remove a single module – insmod insert a single module – modprobe insert a module and dependencies listed in modules.dep – modinfo list information about the author, license type and module parameters Many modules are dependant on the presence of other modules. A flat file database of module dependencies /lib/modules/<kernel-version>/modules.dep is generated by the depmod command. This command is run at boot time (for example by the rc.sysinit script). modprobe will load any module and dependent modules listed in modules.dep (or conf.modules) Search for example for modules that will be loaded at the same time as tvaudio. grep tvaudio /lib/modules/kernel-version/modules.dep /lib/modules/kernel-version/kernel/drivers/media/video/tvaudio.o: \ /lib/modules/kernel-version/kernel/drivers/i2c/i2c-core.o This means that the module i2c-core.o will also be loaded when using modprobe. This dependency is also apparent when listing the module with lsmod: lsmod Module Size Used by Not tainted tvaudio 16796 0 (unused) i2c-core 19236 0 [tvaudio] /etc/modules.conf is consulted for module parameters (IRQ and IO ports) but most often contains a list of aliases. These aliases allow applications to refer to a device using a common name. For example the first ethernet device is always referred to as eth0 and not by the name of the particular driver. _____________________________________________________________________ 3 LinuxIT Technical Education Centre The Linux Kernel ___________________________________________________________ Sample /etc/modules.conf file alias eth0 e100 alias usb-core usb-uhc alias sound-slot-0 i810_audio alias char-major-108 ppp_generic alias ppp-compress-18 ppp_mppe # 100Mbps full duplex options eth0 e100_speed_duplex=4 modinfo will give information about modules. modinfo tvaudio filename: /lib/modules/kernel-version/kernel/drivers/media/video/tvaudio.o description: "device driver for various i2c TV sound decoder / audiomux chips" author: "Eric Sandeen, Steve VanDeBogart, Greg Alexander, Gerd Knorr" license: "GPL" parm: debug int parm: probe short array (min = 1, max = 48), description "List of adapter,address pairs to scan additionally" parm: probe_range short array (min = 1, max = 48), description "List of adapter,start-addr,end-addr triples to scan additionally" parm: ignore short array (min = 1, max = 48), description "List of adapter,address pairs not to scan" parm: ignore_range short array (min = 1, max = 48), description "List of adapter,start-addr,end-addr triples not to scan" parm: force short array (min = 1, max = 48), description "List of adapter,address pairs to boldly assume to be present" parm: tda9874a_SIF int parm: tda9874a_AMSEL int parm: tda9874a_STD int parm: tda8425 int parm: tda9840 int To get information only about parameter option use modinfo -p, to get information about the license type use modinfo -l , etc. kmod is a mechanism that allows the kernel to automatically load modules as needed (one seldom needs to insert modules manually). This is in fact a statically compiled (resident) module that needs to be configured before compiling the kernel. The command used by the kernel to load the modules is defined in /proc/sys/kernel/modprobe. _____________________________________________________________________ 4 [...]... • remove the symbolic link to the old kernel source directory tree rm linux Kernel sources which have been packaged as an RPM often create a link called linux- 2-4 • extract the new source archive (e.g linux- 2.4.20.tar.bz2) tar xjf linux- 2.4.29.tar.bz2 Note: The archived 2.2 series kernels create a directory called linux instead of linux- version This is why the first step is important, otherwise you... the kernel source tree (/usr/src /linux/ include) are generated this way The kernel itself is compiled with one of the commands: make zImage make bzImage When the command exits without any errors, there will be a file in the /usr/src /linux/ directory called vmlinux This is the uncompressed kernel _ 7 LinuxIT Technical Education Centre The Linux Kernel ... /usr/src /linux/ System. map /boot /System. map- 3.5 The full kernel version On a system, the version of the running kernel can be printed out with uname -r This kernel version is also displayed on the virtual terminals if the \k option is present in /etc/issue 3.5 Initial Ramdisks If any dynamically compiled kernel modules are required at boot time (e.g a scsi driver, or the filesystem... bzImage and is in the following directory: _ 12 LinuxIT Technical Education Centre The Linux Kernel _ /usr/src /linux/ arch/i386/boot/ We need to manually install this kernel (2 steps): (i) cp /usr/src /linux/ arch/i386/boot/bzImage /boot/vmlinuz- (ii) That was easy! We next edit the bootloader configuration file: – if you are... non-UNIX operating systems which only have 2 modes of functionality (on and off), UNIX operating systems, including Linux, have different runlevels such as "maintenance" runlevel or "multi-user" runlevel, etc Runlevels are numbered from 0 to 6 and will vary from one Linux distribution to another The description for each runlevel functionality is sometimes documented in /etc/inittab Example Linux runlevels... shown below: Editing the /etc/lilo.conf file _ 8 LinuxIT Technical Education Centre The Linux Kernel _ prompt timeout=50 message=/boot/message image=/boot/vmlinuz label =linux root=/dev/hda6 read-only Existing section image=/boot/vmlinuz- label =linux- new Added section root=/dev/hda6 read-only snip - The... _ 13 LinuxIT Technical Education Centre Booting Linux Booting Linux Prerequisites None Goals    Manage services (e.g mail, webserver, etc) using runlevels Understand the role of the init process and its configuration file /etc/inittab Recognise the three phases of the booting process: Bootlloader, Kernel and Init Contents Booting Linux ... This is why the first step is important, otherwise you may overwrite an old source tree with the new one Since kernel 2.4 the name of the directory is linux- version • create a symbolic link called linux from the newly created directory ln -s linux- 2.4.20 linux • The kernel is almost ready to be configured now, but first we need to make sure that all old binary files are cleared out of the source tree,... processes from a script stored in the file /etc/inittab shutdown shutdown(8) – brings the system down in a secure way All logged-in users are notified that the system is going down, and login(1) is blocked It is possible to shut the system down immediately or after a specified delay All processes are first notified that the system is going down by the signal SIGTERM This gives programs like vi(1) the time... and that they are not referred to by other modules _ 11 LinuxIT Technical Education Centre The Linux Kernel _ Before starting with the exercises make sure you don’t have an existing kernel tree in /usr/src/ If you do, pay attention to the /usr/src /linux symbolic link 1 Manually recompile the kernel following the compilation steps - Get . Study Guide for Linux System Administration II Lab work for LPI 102 released under the GFDL by LinuxIT Copyright (c) 2005 LinuxIT. Permission is granted to copy,. directory tree rm linux Kernel sources which have been packaged as an RPM often create a link called linux- 2-4 • extract the new source archive (e.g linux- 2.4.20.tar.bz2) tar xjf linux- 2.4.29.tar.bz2 Note:. /usr/src /linux/ directory called vmlinux. This is the uncompressed kernel. _____________________________________________________________________ 7 LinuxIT Technical Education Centre The Linux